Bug 19835

Summary: lxc new security issue CVE-2016-8649
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: Thierry Vignaud <thierry.vignaud>
Status: RESOLVED FIXED
QA Contact: Sec team <security>
Severity: normal
Priority: Normal
CC: kernel
Version: 5   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://lwn.net/Vulnerabilities/707364/
Whiteboard:
Source RPM: lxc-2.0.0-5.mga6.src.rpm
CVE:
Status comment:
Bug Depends on: 20439    
Bug Blocks:    

Description David Walser 2016-11-24 13:31:22 CET
A security issue fixed upstream in LXC has been announced:
http://openwall.com/lists/oss-security/2016/11/23/6

The upstream commit that fixed the issue is linked in the message above, and patches for 1.0 and 2.0 are attached to the Launchpad bug linked there.

Additionally, it will be fixed in versions 1.0.9 and 2.0.6.

There may be a kernel patch necessary as well, but I'm not sure if we need it since we don't use SELinux/AppArmor.

David Walser 2016-11-24 13:31:37 CET

CC: (none) => kernel
Whiteboard: (none) => MGA5TOO

Comment 1 David Walser 2016-11-25 19:57:45 CET
Ubuntu has issued an advisory for this on November 23:
http://www.ubuntu.com/usn/usn-3136-1

URL: (none) => https://lwn.net/Vulnerabilities/707364/

David Walser 2017-06-04 19:54:38 CEST

Depends on: (none) => 20439

Comment 2 David Walser 2017-06-04 19:55:19 CEST
Fixed in lxc-2.0.0-6.mga6.

Whiteboard: MGA5TOO => (none)
Version: Cauldron => 5

Comment 3 David Walser 2017-06-12 11:40:00 CEST
Fixed:
http://advisories.mageia.org/MGASA-2017-0167.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED